<?php
class Application_Plugin_AccessCheck extends Zend_Controller_Plugin_Abstract
{
	private $_auth = null;
	private $_acl = null;

	public function __construct(Zend_Acl $acl, Zend_Auth $auth)
	{
		$this->_acl = $acl;
		$this->_auth = $auth;
	}

	public function preDispatch(Zend_Controller_Request_Abstract $request)
	{

		if(!$this->_auth->hasIdentity()) {
			$request->setControllerName('authenticate');
			$request->setActionName('login');
		} else {

			$resource = $request->getControllerName();
			$privilege = $request->getActionName();

			$identity = $this->_auth->getStorage()->read();
			$role = $identity->userrole;

			if(!$this->_acl->isAllowed($role, $resource, $privilege)) {
					
				$request->setControllerName('authenticate');
				$request->setActionName('deny');
			}
		}
	}
}